• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

FTP filter problem ISA ?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> General >> FTP filter problem ISA ? Page: [1]
Login
Message << Older Topic   Newer Topic >>
FTP filter problem ISA ? - 2.Oct.2001 10:37:00 PM   
awf

 

Posts: 8
Joined: 11.May2001
From: Netherlands
Status: offline
Internal client can't access FTP site's that use different port then 21 via ISA

Client configuration is Secure Nat
Protocol rule for FTP configured.
Packet filter also.

FTP application filter enabled.

Error message in web browser (tried in port and pasv mode) is:

ISA extended error message:

200 Type set to A
500 invalid port command

If we access the same FTP site via our old firewall (pgp) / proxy (wingate)no problem.

Any ideas, or do we have to wait for service pack 1?

Post #: 1
RE: FTP filter problem ISA ? - 3.Oct.2001 4:08:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Awf,

Try this:

1. Install Firewall client on internal network clients

2. Diable the FTP Access Application Filter

3. Create a Protocol Def. and Protocol Rule to allow access

HTH,

Tom

------------------
http://www.isaserver.org/shinder/



Get It Here!


(in reply to awf)
Post #: 2
RE: FTP filter problem ISA ? - 3.Oct.2001 5:55:00 AM   
HJB417

 

Posts: 187
Joined: 24.Jul.2001
From: nYc
Status: offline
Is it ok to disable the ftp download filter if you make an "allow all traffic" rule in the protocol rules? Will the firewall clients still be able to download off ftps and stuff? using any port #?

------------------
5 computer network (1 win9x, 4 win2k), HPNA 1mb network, cable modem.

===================================
don't forget to do security tests
---------------------------------

http://www.vulnerabilities.org/analysis.html
http://www.sdesign.com:8080/cgi-bin/fwtest.cgi
http://scan.sygatetech.com/
http://www.dslreports.com/scan
http://www.dslreports.com/secureme (I love this one)

----------


(in reply to awf)
Post #: 3
RE: FTP filter problem ISA ? - 3.Oct.2001 9:58:00 PM   
awf

 

Posts: 8
Joined: 11.May2001
From: Netherlands
Status: offline
Tom thanks for your answer, however we want to avoid to install the firewall client on 125 clients...

So our first choice is to make this work via the ftp application filter and secure nat clients...

Or is this a problem with the filter?



(in reply to awf)
Post #: 4
RE: FTP filter problem ISA ? - 4.Oct.2001 8:40:00 AM   
Nuddelaug

 

Posts: 167
Joined: 25.Apr.2001
From: Wien
Status: offline
Hi awf

it looks like an similar problem i had too on a proftpd Server under Linux.

Try seeking for the allowed commands and see if the sent command is valid or not.

My problem on proftpd was that the regexp included trailing dot¦s and disallowed characters.

Greetz Nuddi


(in reply to awf)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> General >> FTP filter problem ISA ? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts